exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2019-02-13

GNU Privacy Guard 2.2.13
Posted Feb 13, 2019
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: Multiple bug fixes and code improvements added.
tags | tool, encryption
SHA-256 | 76c787a955f9e6e0ead47c9be700bfb9d454f955a7b7c7e697aa719bac7b11d8
CA Privileged Access Manager Information Disclosure / Modification
Posted Feb 13, 2019
Authored by Kevin Kotas, Bob Brust | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA Privileged Access Manager. A vulnerability exists that can allow a remote attacker to access sensitive information or modify configuration. CA published solutions to address the vulnerabilities. CVE-2019-7392 describes a vulnerability resulting from inadequate access controls for the components jk-manager and jk-status web service allowing a remote attacker to access the CA PAM Web-UI without authentication. Affected versions include 3.2.1 and below, 3.1.2 and below, and 3.0.x releases.

tags | advisory, remote, web, vulnerability
advisories | CVE-2019-7392
SHA-256 | 9c5a5f6ca2aa8a6ce81a83bde72cb11f97523d34decd86e6c4c47a10af0cb17a
Nokia 8810 Denial Of Service
Posted Feb 13, 2019
Authored by Kaustubh G. Padwad

A denial of service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to the remote code execution on the device.

tags | exploit, remote, web, denial of service, code execution
advisories | CVE-2019-7386
SHA-256 | 41ed47df5f0cb6c76f6d18138f1661d9ed68c2bbe0c204c4e5369cd7ff9e62fd
Raisecom Technology GPON-ONU HT803G-07 Command Injection
Posted Feb 13, 2019
Authored by Kaustubh G. Padwad

Raisecom Technology GPON-ONU HT803G-07 suffers from an authenticated command injection vulnerability in the newpass and confpass parameters in /bin/WebMGR.

tags | exploit
advisories | CVE-2019-7385
SHA-256 | e7ecf5fa2c6f869e62d82c9df7399dbcbd72c48e427d4b22e50975a3e101f661
Raisecom Technology GPON-ONU HT803G-07 Command Injection
Posted Feb 13, 2019
Authored by Kaustubh G. Padwad

Raisecom Technology GPON-ONU HT803G-07 suffers from an authenticated command injection vulnerability in the fmgpon_loid parameter.

tags | exploit
advisories | CVE-2019-7384
SHA-256 | 20c807e8e9b1420883bb9554d5567b9aa797cbf1aa083b30b34637600361e93f
SYSTORME ISG Command Injection
Posted Feb 13, 2019
Authored by Kaustubh G. Padwad

SYSTORME ISG products ISG-600C, ISG-600H, and ISG-800W suffer from an authenticated command injection vulnerability.

tags | exploit
advisories | CVE-2019-7383
SHA-256 | 74184a70ebca4b40a63ba803ab0d7c6c1d3778f3752608a8f155df9f97e121c8
SYSTORME ISG Cross Site Request Forgery
Posted Feb 13, 2019
Authored by Kaustubh G. Padwad

SYSTORME ISG products ISG-600C, ISG-600H, and ISG-800W suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2018-19525
SHA-256 | 3afd770ed7f96641d003de944e95ad53a06c7f7713c9c607fef61adfddd70330
Red Hat Security Advisory 2019-0342-01
Posted Feb 13, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0342-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include stack overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2018-16864, CVE-2018-16865
SHA-256 | 5592009185b8f2475f7dbf638898a17554a141582bcb0a280f2b2ccb019188a1
Ubuntu Security Notice USN-3889-1
Posted Feb 13, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3889-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2019-6212
SHA-256 | dda1787f0dbfd98283d7284bdc4f36afc988fdec66d6832930b9aeff1f276394
Ubuntu Security Notice USN-3890-1
Posted Feb 13, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3890-1 - It was discovered that Django incorrectly handled formatting certain numbers. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2019-6975
SHA-256 | 6a9ddeb0d8050182dcbf58c517074dc7932f8a78f1922ff4d59ae8f466c11875
Slackware Security Advisory - lxc Updates
Posted Feb 13, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New lxc packages are available for Slackware 14.2 and -current to fix a security issue.

tags | advisory
systems | linux, slackware
SHA-256 | ba294a2305875c8a4e1604c8e41c7fa338799684c95c173cfb718806e4c207e6
Debian Security Advisory 4390-1
Posted Feb 13, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4390-1 - It was discovered that Flatpak, an application deployment framework for desktop apps, insufficiently restricted the execution of "apply_extra" scripts which could potentially result in privilege escalation.

tags | advisory
systems | linux, debian
SHA-256 | 07aae12fced57e1688a59c95ea4a77bd9cd170611dac207f050e3c18e2aa294b
Ubuntu Security Notice USN-3888-1
Posted Feb 13, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3888-1 - It was discovered that GVfs incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-3827
SHA-256 | afa4e465692d53d2ed4f9d41bb9be2201e4594674cfafc14c35965f9ae78c5cd
snapd 2.37 (Ubuntu) dirty_sock Local Privilege Escalation
Posted Feb 13, 2019
Authored by Chris Moberly

This exploit bypasses access control checks to use a restricted API function (POST /v2/snaps) of the local snapd service. This allows the installation of arbitrary snaps. Snaps in "devmode" bypass the sandbox and may include an "install hook" that is run in the context of root at install time. dirty_sockv2 leverages the vulnerability to install an empty "devmode" snap including a hook that adds a new user to the local system. This user will have permissions to execute sudo commands. As opposed to version one, this does not require the SSH service to be running. It will also work on newer versions of Ubuntu with no Internet connection at all, making it resilient to changes and effective in restricted environments. This exploit should also be effective on non-Ubuntu systems that have installed snapd but that do not support the "create-user" API due to incompatible Linux shell syntax. Some older Ubuntu systems (like 16.04) may not have the snapd components installed that are required for sideloading. If this is the case, this version of the exploit may trigger it to install those dependencies. During that installation, snapd may upgrade itself to a non-vulnerable version. Testing shows that the exploit is still successful in this scenario. This is the second of two proof of concepts related to this issue. Versions below 2.37.1 are affected.

tags | exploit, arbitrary, shell, local, root, proof of concept
systems | linux, ubuntu
advisories | CVE-2019-7304
SHA-256 | 09f311cd0808169606fe8f6d82efa2f6d9976ca93655f776e6a68b99bcab8228
snapd 2.37 (Ubuntu) dirty_sock Local Privilege Escalation
Posted Feb 13, 2019
Authored by Chris Moberly

This exploit bypasses access control checks to use a restricted API function (POST /v2/create-user) of the local snapd service. This queries the Ubuntu SSO for a username and public SSH key of a provided email address, and then creates a local user based on these value. Successful exploitation for this version requires an outbound Internet connection and an SSH service accessible via localhost. This is one of two proof of concepts related to this issue. Versions below 2.37.1 are affected.

tags | exploit, local, proof of concept
systems | linux, ubuntu
advisories | CVE-2019-7304
SHA-256 | 1d020fdf71d65c1855e5e714df0baf4d63b98521c65f6d1cbc13110479244d5a
runc Host Command Execution
Posted Feb 13, 2019
Authored by FEEXD

runc versions prior to 1.0-rc6 (Docker < 18.09.2 host command execution proof of concept exploit.

tags | exploit, proof of concept
advisories | CVE-2019-5736
SHA-256 | 58916ca55bef8e91b57754a95171d834f060a1120be8c793a1c442c3724d99cb
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close